mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-02-04 17:05:22 -05:00
Merge branch 'disposablevm-template'
This commit is contained in:
Andrew David Wong
commit
3e4e27d1ad
@ -25,10 +25,10 @@ See [this article](https://blog.invisiblethings.org/2010/06/01/disposable-vms.ht
|
||||
|
||||
## Security ##
|
||||
|
||||
If a [DVM Template] becomes compromised, then any DisposableVM based on that DVM Template could be compromised.
|
||||
In particular, the *default* DVM Template is important because it is used by the "Open in DisposableVM" feature.
|
||||
If a [DisposableVM Template] becomes compromised, then any DisposableVM based on that DisposableVM Template could be compromised.
|
||||
In particular, the *default* DisposableVM Template is important because it is used by the "Open in DisposableVM" feature.
|
||||
This means that it will have access to everything that you open with this feature.
|
||||
For this reason, it is strongly recommended that you base the default DVM Template on a trusted TemplateVM.
|
||||
For this reason, it is strongly recommended that you base the default DisposableVM Template on a trusted TemplateVM.
|
||||
|
||||
### DisposableVMs and Local Forensics ###
|
||||
|
||||
@ -43,42 +43,42 @@ When it is essential to avoid leaving any trace, consider using [Tails](https://
|
||||
|
||||
### DisposableVMs and Networking ###
|
||||
|
||||
Similarly to how AppVMs are based on their underlying [TemplateVM](https://www.qubes-os.org/doc/glossary/#templatevm), DisposableVMs are based on their underlying [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template).
|
||||
R4.0 introduces the concept of multiple DVM Templates, whereas R3.2 was limited to only one.
|
||||
Similarly to how AppVMs are based on their underlying [TemplateVM](https://www.qubes-os.org/doc/glossary/#templatevm), DisposableVMs are based on their underlying [DisposableVM Template](https://www.qubes-os.org/doc/glossary/#disposablevm-template).
|
||||
R4.0 introduces the concept of multiple DisposableVM Templates, whereas R3.2 was limited to only one.
|
||||
|
||||
On a fresh installation of Qubes, the default DVM Template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM).
|
||||
If you have included the Whonix option in your install, there will also be a `whonix-ws-dvm` DVM Template available for your use.
|
||||
On a fresh installation of Qubes, the default DisposableVM Template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM).
|
||||
If you have included the Whonix option in your install, there will also be a `whonix-ws-dvm` DisposableVM Template available for your use.
|
||||
|
||||
You can set any AppVM to have the ability to act as a DVM Template with:
|
||||
You can set any AppVM to have the ability to act as a DisposableVM Template with:
|
||||
|
||||
qvm-prefs <vmname> template_for_dispvms True
|
||||
|
||||
The default system wide DVM Template can be changed with `qubes-prefs default_dispvm`.
|
||||
By combining the two, choosing `Open in DisposableVM` from inside an AppVM will open the document in a DisposableVM based on the default DVM Template you specified.
|
||||
The default system wide DisposableVM Template can be changed with `qubes-prefs default_dispvm`.
|
||||
By combining the two, choosing `Open in DisposableVM` from inside an AppVM will open the document in a DisposableVM based on the default DisposableVM Template you specified.
|
||||
|
||||
You can change this behaviour for individual VMs: in the Application Menu, open Qube Settings for the VM in question and go to the "Advanced" tab.
|
||||
Here you can edit the "Default DisposableVM" setting to specify which DVM Template will be used to launch DisposableVMs from that VM.
|
||||
Here you can edit the "Default DisposableVM" setting to specify which DisposableVM Template will be used to launch DisposableVMs from that VM.
|
||||
This can also be changed from the command line with:
|
||||
|
||||
qvm-prefs <vmname> default_dispvm <dvmtemplatename>
|
||||
|
||||
For example, `anon-whonix` has been set to use `whonix-ws-dvm` as its `default_dispvm`, instead of the system default.
|
||||
You can even set an AppVM that has also been configured as a DVM Template to use itself, so DisposableVMs launched from within the AppVM/DVM Template would inherit the same settings.
|
||||
You can even set an AppVM that has also been configured as a DisposableVM Template to use itself, so DisposableVMs launched from within the AppVM/DisposableVM Template would inherit the same settings.
|
||||
|
||||
NetVM and firewall rules for DVM Templates can be set as they can for a normal VM.
|
||||
By default a DisposableVM will inherit the NetVM and firewall settings of the DVM Template on which it is based.
|
||||
NetVM and firewall rules for DisposableVM Templates can be set as they can for a normal VM.
|
||||
By default a DisposableVM will inherit the NetVM and firewall settings of the DisposableVM Template on which it is based.
|
||||
This is a change in behaviour from R3.2, where DisposableVMs would inherit the settings of the AppVM from which they were launched.
|
||||
Therefore, launching a DisposableVM from an AppVM will result in it using the network/firewall settings of the DVM Template on which it is based.
|
||||
Therefore, launching a DisposableVM from an AppVM will result in it using the network/firewall settings of the DisposableVM Template on which it is based.
|
||||
For example, if an AppVM uses sys-net as its NetVM, but the default system DisposableVM uses sys-whonix, any DisposableVM launched from this AppVM will have sys-whonix as its NetVM.
|
||||
|
||||
**Warning:** The opposite is also true. This means if you have changed anon-whonix's `default_dispvm` to use the system default, and the system default DisposableVM uses sys-net, launching a DisposableVM from inside anon-whonix will result in the DisposableVM using sys-net.
|
||||
|
||||
A DisposableVM launched from the Start Menu inherits the NetVM and firewall settings of the DVM Template on which it is based.
|
||||
Note that changing the "NetVM" setting for the system default DVM Template *does* affect the NetVM of DisposableVMs launched from the Start Menu.
|
||||
Different DVM Templates with individual NetVM settings can be added to the Start Menu.
|
||||
A DisposableVM launched from the Start Menu inherits the NetVM and firewall settings of the DisposableVM Template on which it is based.
|
||||
Note that changing the "NetVM" setting for the system default DisposableVM Template *does* affect the NetVM of DisposableVMs launched from the Start Menu.
|
||||
Different DisposableVM Templates with individual NetVM settings can be added to the Start Menu.
|
||||
|
||||
**Important Notes:**
|
||||
Some DVM Templates will automatically create a menu item to launch a DVM, if you do not see an entry and want to add one please use the command:
|
||||
Some DisposableVM Templates will automatically create a menu item to launch a DVM, if you do not see an entry and want to add one please use the command:
|
||||
|
||||
qvm-features deb-dvm appmenus-dispvm 1
|
||||
|
||||
@ -143,11 +143,11 @@ The label color will be inherited from the `dvm-template`.
|
||||
(The DisposableVM Application Launcher shortcut used for starting programs runs a very similar command to the one above.)
|
||||
|
||||
|
||||
#### Opening a link in a DisposableVM based on a non-default DVM Template from a qube ####
|
||||
#### Opening a link in a DisposableVM based on a non-default DisposableVM Template from a qube ####
|
||||
|
||||
Suppose that the default DVM Template for your `email` qube has no networking (e.g., so that untrusted attachments can't phone home).
|
||||
Suppose that the default DisposableVM Template for your `email` qube has no networking (e.g., so that untrusted attachments can't phone home).
|
||||
However, sometimes you want to open email links in DisposableVMs.
|
||||
Obviously, you can't use the default DVM Template, since it has no networking, so you need to be able to specify a different DVM Template.
|
||||
Obviously, you can't use the default DisposableVM Template, since it has no networking, so you need to be able to specify a different DisposableVM Template.
|
||||
You can do that with this command from the `email` qube (as long as your RPC policies allow it):
|
||||
|
||||
~~~
|
||||
@ -175,10 +175,10 @@ Thus if an AppVM uses sys-net as its NetVM, any DisposableVM launched from this
|
||||
You can change this behaviour for individual VMs: in Qubes VM Manager open VM Settings for the VM in question and go to the "Advanced" tab.
|
||||
Here you can edit the "NetVM for DisposableVM" setting to change the NetVM of any DisposableVM launched from that VM.
|
||||
|
||||
A DisposableVM launched from the Start Menu inherits the NetVM of the [DVM Template](/doc/glossary/#dvm-template).
|
||||
A DisposableVM launched from the Start Menu inherits the NetVM of the [DisposableVM Template](/doc/glossary/#disposablevm-template).
|
||||
By default the DVM template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM).
|
||||
As an "internal" VM it is hidden in Qubes VM Manager, but can be shown by selecting "Show/Hide internal VMs".
|
||||
Note that changing the "NetVM for DisposableVM" setting for the DVM Template does *not* affect the NetVM of DisposableVMs launched from the Start Menu; only changing the DVM Template's own NetVM does.
|
||||
Note that changing the "NetVM for DisposableVM" setting for the DisposableVM Template does *not* affect the NetVM of DisposableVMs launched from the Start Menu; only changing the DisposableVM Template's own NetVM does.
|
||||
|
||||
|
||||
### Opening a file in a DisposableVM via GUI ###
|
||||
@ -244,5 +244,5 @@ These changes will be reflected in every new DisposableVM based on that template
|
||||
Full instructions can be found [here](/doc/disposablevm-customization/).
|
||||
|
||||
|
||||
[DVM Template]: /doc/glossary/#dvm-template
|
||||
[DisposableVM Template]: /doc/glossary/#disposablevm-template
|
||||
|
||||
|
||||
@ -252,7 +252,7 @@ Beginning with Qubes 4.0 and after [QSB #45], we implemented two changes:
|
||||
VM-specific property is set with the `qvm-prefs` command, while the
|
||||
global property is set with the `qubes-prefs` command.
|
||||
|
||||
2. Created the `default-mgmt-dvm` DVM Template, which is hidden from
|
||||
2. Created the `default-mgmt-dvm` DisposableVM Template, which is hidden from
|
||||
the menu (to avoid accidental use), has networking disabled, and has
|
||||
a black label (the same as TemplateVMs). This VM is set as the global
|
||||
`management_dispvm`. Keep in mind that this DVM template has full control
|
||||
|
||||
@ -16,18 +16,18 @@ DisposableVM Customization
|
||||
Security
|
||||
--------
|
||||
|
||||
If a DVM Template becomes compromised, then any DisposableVM based on that DVM Template could be compromised.
|
||||
Therefore, you should not make any risky customizations (e.g., installing untrusted browser plugins) in important DVM Templates.
|
||||
In particular, the *default* DVM Template is important because it is used by the "Open in DisposableVM" feature.
|
||||
If a DisposableVM Template becomes compromised, then any DisposableVM based on that DisposableVM Template could be compromised.
|
||||
Therefore, you should not make any risky customizations (e.g., installing untrusted browser plugins) in important DisposableVM Templates.
|
||||
In particular, the *default* DisposableVM Template is important because it is used by the "Open in DisposableVM" feature.
|
||||
This means that it will have access to everything that you open with this feature.
|
||||
For this reason, it is strongly recommended that you base the default DVM Template on a trusted TemplateVM and refrain from making any risky customizations to it.
|
||||
For this reason, it is strongly recommended that you base the default DisposableVM Template on a trusted TemplateVM and refrain from making any risky customizations to it.
|
||||
|
||||
Qubes 4.0
|
||||
----------
|
||||
|
||||
A DisposableVM (previously known as a "DispVM") in Qubes 4.0 can be based on any TemplateBasedVM.
|
||||
You can also choose to use different DVM Templates for different DisposableVMs.
|
||||
To prepare AppVM to be a DVM Template, you need to set `template_for_dispvms` property, for example:
|
||||
You can also choose to use different DisposableVM Templates for different DisposableVMs.
|
||||
To prepare AppVM to be a DisposableVM Template, you need to set `template_for_dispvms` property, for example:
|
||||
|
||||
[user@dom0 ~]$ qvm-prefs fedora-26-dvm template_for_dispvms True
|
||||
|
||||
@ -35,30 +35,30 @@ Additionally, if you want to have menu entries for starting applications in Disp
|
||||
|
||||
[user@dom0 ~]$ qvm-features fedora-26-dvm appmenus-dispvm 1
|
||||
|
||||
### Creating a new DVM Template ###
|
||||
### Creating a new DisposableVM Template ###
|
||||
|
||||
In Qubes 4.0, you're no longer restricted to a single DVM Template. Instead, you can create as many as you want. Whenever you start a new DisposableVM, you can choose to base it on whichever DVM Template you like.
|
||||
To create new DVM Template, lets say `custom-dvm`, based on `debian-9` template, use following commands:
|
||||
In Qubes 4.0, you're no longer restricted to a single DisposableVM Template. Instead, you can create as many as you want. Whenever you start a new DisposableVM, you can choose to base it on whichever DisposableVM Template you like.
|
||||
To create new DisposableVM Template, lets say `custom-disposablevm-template`, based on `debian-9` template, use following commands:
|
||||
|
||||
[user@dom0 ~]$ qvm-create --template debian-9 --label red custom-dvm
|
||||
[user@dom0 ~]$ qvm-prefs custom-dvm template_for_dispvms True
|
||||
[user@dom0 ~]$ qvm-features custom-dvm appmenus-dispvm 1
|
||||
[user@dom0 ~]$ qvm-create --template debian-9 --label red custom-disposablevm-template
|
||||
[user@dom0 ~]$ qvm-prefs custom-disposablevm-template template_for_dispvms True
|
||||
[user@dom0 ~]$ qvm-features custom-disposablevm-template appmenus-dispvm 1
|
||||
|
||||
Additionally you may want to set it as default DVM Template:
|
||||
Additionally you may want to set it as default DisposableVM Template:
|
||||
|
||||
[user@dom0 ~]$ qubes-prefs default_dispvm custom-dvm
|
||||
[user@dom0 ~]$ qubes-prefs default_dispvm custom-disposablevm-template
|
||||
|
||||
The above default is used whenever a qube request starting a new DisposableVM and do not specify which one (for example `qvm-open-in-dvm` tool). This can be also set in qube settings and will affect service calls from that qube. See [qrexec documentation](/doc/qrexec3/#extra-keywords-available-in-qubes-40-and-later) for details.
|
||||
|
||||
If you wish to use the `fedora-minimal` template as a DVM Template, see the "DVM Template" use case under [fedora-minimal customization](/doc/templates/fedora-minimal/#customization).
|
||||
If you wish to use the `fedora-minimal` template as a DisposableVM Template, see the "DisposableVM Template" use case under [fedora-minimal customization](/doc/templates/fedora-minimal/#customization).
|
||||
|
||||
|
||||
### Customization of DisposableVM ###
|
||||
|
||||
It is possible to change the settings for each new DisposableVM.
|
||||
This can be done by customizing the DVM Template on which it is based:
|
||||
This can be done by customizing the DisposableVM Template on which it is based:
|
||||
|
||||
1. Start a terminal in the `fedora-26-dvm` qube (or another DVM Template) by running the following command in a dom0 terminal. (If you enable `appmenus-dispvm` feature (as explained at the top), applications menu for this VM (`fedora-26-dvm`) will be "Disposable: fedora-26-dvm" (instead of "Domain: fedora-26-dvm") and entries there will start new DisposableVM based on that VM (`fedora-26-dvm`). Not in that VM (`fedora-26-dvm`) itself).
|
||||
1. Start a terminal in the `fedora-26-dvm` qube (or another DisposableVM Template) by running the following command in a dom0 terminal. (If you enable `appmenus-dispvm` feature (as explained at the top), applications menu for this VM (`fedora-26-dvm`) will be "Disposable: fedora-26-dvm" (instead of "Domain: fedora-26-dvm") and entries there will start new DisposableVM based on that VM (`fedora-26-dvm`). Not in that VM (`fedora-26-dvm`) itself).
|
||||
|
||||
[user@dom0 ~]$ qvm-run -a fedora-26-dvm gnome-terminal
|
||||
|
||||
@ -144,27 +144,27 @@ Functionality is not limited, users can:
|
||||
|
||||
Using DisposableVMs in this manner is ideal for untrusted qubes which require persistent PCI devices, such as USB VMs and NetVMs.
|
||||
|
||||
>_**Note:**_ Users who want customized VPN or firewall rule sets must create a separate dvm for use by each DisposableVM. If dvm customization is not needed, then a single dvm is used as a template for all DisposableVMs.
|
||||
>_**Note:**_ Users who want customized VPN or firewall rule sets must create a separate DisposableVM Template for use by each DisposableVM. If DisposableVM Template customization is not needed, then a single DisposableVM Template is used as a template for all DisposableVMs.
|
||||
|
||||
#### Create and configure the DVM Template on which the DisposableVM will be based ####
|
||||
#### Create and configure the DisposableVM Template on which the DisposableVM will be based ####
|
||||
|
||||
1. Create the dvm
|
||||
1. Create the DisposableVM Template
|
||||
|
||||
[user@dom0 ~]$ qvm-create --class AppVM --label gray <dvm-name>
|
||||
[user@dom0 ~]$ qvm-create --class AppVM --label gray <DisposableVM-Template-Name>
|
||||
|
||||
2. _(optional)_ In the dvm, add custom firewall rule sets, Qubes VPN scripts etc
|
||||
2. _(optional)_ In the DisposableVM Template, add custom firewall rule sets, Qubes VPN scripts etc
|
||||
|
||||
Firewall rules sets and Qubes VPN scripts can be added just like any other VM
|
||||
|
||||
3. Set the dvm as template for DisposableVMs
|
||||
3. Set the DisposableVM Template as template for DisposableVMs
|
||||
|
||||
[user@dom0 ~]$ qvm-prefs <dvm_name> template_for_dispvms true
|
||||
[user@dom0 ~]$ qvm-prefs <DisposableVM-Template-Name> template_for_dispvms true
|
||||
|
||||
#### Create the sys-net DisposableVM ####
|
||||
|
||||
1. Create `sys-net` DisposableVM based on the dvm
|
||||
1. Create `sys-net` DisposableVM based on the DisposableVM Template
|
||||
|
||||
[user@dom0 ~]$ qvm-create --template <dvm_name> --class DispVM --label red disp-sys-net
|
||||
[user@dom0 ~]$ qvm-create --template <DisposableVM-Template-Name> --class DispVM --label red disp-sys-net
|
||||
|
||||
2. Set `disp-sys-net` virtualization mode to [hvm](/doc/hvm/)
|
||||
|
||||
@ -198,7 +198,7 @@ Using DisposableVMs in this manner is ideal for untrusted qubes which require pe
|
||||
|
||||
1. Create `sys-firewall` DisposableVM
|
||||
|
||||
[user@dom0 ~]$ qvm-create --template <dvm_name> --class DispVM --label green disp-sys-firewall
|
||||
[user@dom0 ~]$ qvm-create --template <DisposableVM-Template-Name> --class DispVM --label green disp-sys-firewall
|
||||
|
||||
2. Set `disp-sys-firewall` to provide network for other VMs
|
||||
|
||||
@ -224,7 +224,7 @@ Using DisposableVMs in this manner is ideal for untrusted qubes which require pe
|
||||
|
||||
1. Create the `disp-sys-usb`
|
||||
|
||||
[user@dom0 ~]$ qvm-create --template <dvm-name> --class DispVM --label red disp-sys-usb
|
||||
[user@dom0 ~]$ qvm-create --template <disposablevm-template-name> --class DispVM --label red disp-sys-usb
|
||||
|
||||
2. Set the `disp-sys-usb` virtualization mode to hvm
|
||||
|
||||
@ -281,17 +281,17 @@ If the `disp-sys-usb` does not start, it could be due to a PCI passthrough probl
|
||||
Deleting disposable VM is slightly peculiar. While working in a VM or disposable VM, you may want to open a document in another disposable VM. For this reason, the property `default_dispvm` may be set to the name of your disposable VM in a number of VMs:
|
||||
|
||||
[user@dom0 ~]$ qvm-prefs workvm | grep default_dispvm
|
||||
default_dispvm - custom-dvm
|
||||
default_dispvm - custom-disposablevm-template
|
||||
|
||||
This will prevent the deletion of the DVM. In order to fix this you need to unset the `default_dispvm` property:
|
||||
This will prevent the deletion of the DisposableVM Template. In order to fix this you need to unset the `default_dispvm` property:
|
||||
|
||||
[user@dom0 ~]$ qvm-prefs workvm default_dispvm ""
|
||||
|
||||
You can then delete the DVM:
|
||||
You can then delete the DisposableVM Template:
|
||||
|
||||
[user@dom0 ~]$ qvm-remove custom-dvm
|
||||
[user@dom0 ~]$ qvm-remove custom-disposablevm-template
|
||||
This will completely remove the selected VM(s)
|
||||
custom-dvm
|
||||
custom-disposablevm-template
|
||||
|
||||
If you still encounter the issue, you may have forgot to clean an entry. Looking at the system logs will help you
|
||||
|
||||
@ -300,9 +300,9 @@ If you still encounter the issue, you may have forgot to clean an entry. Looking
|
||||
Qubes 3.2
|
||||
----------
|
||||
|
||||
### Changing the DVM Template ###
|
||||
### Changing the DisposableVM Template ###
|
||||
|
||||
You may want to use a non-default template the [DVM Template](/doc/glossary/#dvm-template). One example is to use a less-trusted template with some less trusted, third-party, often unsigned, applications installed, such as e.g. third-party printer drivers.
|
||||
You may want to use a non-default template the [DisposableVM Template](/doc/glossary/#disposablevm-template). One example is to use a less-trusted template with some less trusted, third-party, often unsigned, applications installed, such as e.g. third-party printer drivers.
|
||||
|
||||
In order to regenerate the DisposableVM "snapshot" (called 'savefile' on Qubes) one can use the following command in Dom0:
|
||||
|
||||
@ -321,19 +321,19 @@ One can easily verify if the new DisposableVM template is indeed based on a cust
|
||||
lrwxrwxrwx 1 user user 49 Mar 11 13:59 default_savefile -> /var/lib/qubes/appvms/f17-yellow-dvm/dvm-savefile
|
||||
lrwxrwxrwx 1 user user 47 Mar 11 13:59 savefile_root -> /var/lib/qubes/vm-templates/f17-yellow/root.img
|
||||
|
||||
If you wish to use the `fedora-minimal` template as a DVM Template, see the "DVM Template" use case under [fedora-minimal customization](/doc/templates/fedora-minimal/#customization).
|
||||
If you wish to use the `fedora-minimal` template as a DisposableVM Template, see the "DisposableVM Template" use case under [fedora-minimal customization](/doc/templates/fedora-minimal/#customization).
|
||||
|
||||
|
||||
### Customization of DisposableVM ###
|
||||
|
||||
It is possible to change the settings of each new DisposableVM. This can be done by customizing the DVM Template:
|
||||
It is possible to change the settings of each new DisposableVM. This can be done by customizing the DisposableVM Template:
|
||||
|
||||
1. Start a terminal in the `fedora-23-dvm` TemplateVM by running the following command in a dom0 terminal. (By default, this TemplateVM is not shown in Qubes VM Manager. However, it can be shown by selecting "Show/Hide internal VMs.")
|
||||
|
||||
|
||||
[user@dom0 ~]$ qvm-run -a fedora-23-dvm gnome-terminal
|
||||
|
||||
2. Change the VM's settings and/or applications, as desired. Note that currently Qubes supports exactly one DVM Template, so any changes you make here will affect all DisposableVMs. Some examples of changes you may want to make include:
|
||||
2. Change the VM's settings and/or applications, as desired. Note that currently Qubes supports exactly one DisposableVM Template, so any changes you make here will affect all DisposableVMs. Some examples of changes you may want to make include:
|
||||
- Changing Firefox's default startup settings and homepage.
|
||||
- Changing Nautilus' default file preview settings.
|
||||
- Changing the DisposableVM's default NetVM. For example, you may wish to set the NetVM to "none." Then, whenever you start a new DisposableVM, you can choose your desired ProxyVM manually (by changing the newly-started DisposableVM's settings). This is useful if you sometimes wish to use a DisposableVM with a Whonix Gateway, for example. It is also useful if you sometimes wish to open untrusted files in a network-disconnected DisposableVM.
|
||||
@ -344,11 +344,11 @@ It is possible to change the settings of each new DisposableVM. This can be done
|
||||
[user@fedora-23-dvm ~]$ touch /home/user/.qubes-dispvm-customized
|
||||
|
||||
4. Shutdown the VM (either by `poweroff` from VM terminal, or `qvm-shutdown` from dom0 terminal).
|
||||
5. Regenerate the DVM Template using the default template:
|
||||
5. Regenerate the DisposableVM Template using the default template:
|
||||
|
||||
[user@dom0 ~]$ qvm-create-default-dvm --default-template
|
||||
|
||||
Or, if you're [using a non-default template](#changing-the-dvm-template), regenerate the DVM Template using your custom template:
|
||||
Or, if you're [using a non-default template](#changing-the-disposablevm-template), regenerate the DisposableVM Template using your custom template:
|
||||
|
||||
[user@dom0 ~]$ qvm-create-default-dvm <custom-template-name>
|
||||
|
||||
|
||||
@ -96,17 +96,17 @@ Note about additional disp-* qubes created during restore
|
||||
One of differences between R3.2 and R4.0 is the handling of DisposableVMs.
|
||||
In R3.2, a DisposableVM inherited its network settings (NetVM and firewall rules) from the calling qube.
|
||||
In R4.0, this is no longer the case.
|
||||
Instead, in R4.0 it's possible to create multiple DVM Templates and choose which one should be used by each qube.
|
||||
It's even possible to use different DVM Templates for different operations from the same qube.
|
||||
Instead, in R4.0 it's possible to create multiple DisposableVM Templates and choose which one should be used by each qube.
|
||||
It's even possible to use different DisposableVM Templates for different operations from the same qube.
|
||||
This allows much more flexibility, since it allows you to differentiate not only network settings, but all of a qube's properties (including its template, memory settings, etc.).
|
||||
|
||||
Restoring a backup from R3.2 preserves the old behavior by creating separate DVM Template for each network-providing qube (and also `disp-no-netvm` for network-isolated qubes).
|
||||
Then, each restored qube is configured to use the appropriate DVM Template according to its `netvm` or `dispvm_netvm` property from R3.2.
|
||||
Restoring a backup from R3.2 preserves the old behavior by creating separate DisposableVM Template for each network-providing qube (and also `disp-no-netvm` for network-isolated qubes).
|
||||
Then, each restored qube is configured to use the appropriate DisposableVM Template according to its `netvm` or `dispvm_netvm` property from R3.2.
|
||||
This way, DisposableVMs started on R4.0 by qubes restored from a R3.2 backup have the same NetVM settings as they had on R3.2.
|
||||
|
||||
If you find this behavior undesirable and want to configure it differently, you can remove those `disp-*` DVM Templates.
|
||||
If you find this behavior undesirable and want to configure it differently, you can remove those `disp-*` DisposableVM Templates.
|
||||
But, to do so, you must first make sure they are not set as the value for the `default_dispvm` property on any other qube.
|
||||
Both Qubes Manager and the `qvm-remove` tool will show you where a DVM Template is being used, so you can go there and change the setting.
|
||||
Both Qubes Manager and the `qvm-remove` tool will show you where a DisposableVM Template is being used, so you can go there and change the setting.
|
||||
|
||||
Upgrade all Template and Standalone VM(s)
|
||||
-----------------------------------------
|
||||
|
||||
@ -63,7 +63,7 @@ When you install a new template or upgrade a clone of a template, it is recommen
|
||||
|
||||
Qubes Manager --> (Select a VM) --> VM settings --> Template
|
||||
|
||||
3. Base the [DVM Template](/doc/glossary/#dvm-template) on the new template.
|
||||
3. Base the [DisposableVM Template](/doc/glossary/#disposablevm-template) on the new template.
|
||||
If you have set the new template as your default template:
|
||||
|
||||
[user@dom0 ~]$ qvm-create-default-dvm --default-template
|
||||
@ -84,7 +84,7 @@ When you install a new template or upgrade a clone of a template, it is recommen
|
||||
|
||||
Applications Menu --> System Tools --> Qubes Template Manager
|
||||
|
||||
3. Base the [DVM Template](/doc/glossary/#dvm-template) on the new template.
|
||||
3. Base the [DisposableVM Template](/doc/glossary/#disposablevm-template) on the new template.
|
||||
|
||||
[user@dom0 ~]$ qvm-create -l red -t new-template new-template-dvm
|
||||
[user@dom0 ~]$ qvm-prefs new-template-dvm template_for_dispvms True
|
||||
@ -136,7 +136,7 @@ Important Notes (R4.0)
|
||||
|
||||
(1) Upon creation
|
||||
(2) Following shutdown
|
||||
(3) Including [DVM Templates](/doc/glossary/#dvm-template)
|
||||
(3) Including [DisposableVM Templates](/doc/glossary/#disposablevm-template)
|
||||
|
||||
Important Notes (R3.2 and earlier)
|
||||
---------------
|
||||
|
||||
@ -73,7 +73,7 @@ Use case | Description | Required steps
|
||||
**Network utilities** | If you need utilities for debugging and analyzing network connections | Install the following packages: `tcpdump` `telnet` `nmap` `nmap-ncat`
|
||||
**USB** | If you want USB input forwarding to use this template as the basis for a [USB](/doc/usb/) qube such as `sys-usb` | Install `qubes-input-proxy-sender`
|
||||
**VPN** | You can use this template as basis for a [VPN](/doc/vpn/) qube | Use the `dnf search "NetworkManager VPN plugin"` command to look up the VPN packages you need, based on the VPN technology you'll be using, and install them. Some GNOME related packages may be needed as well. After creation of a machine based on this template, follow the [VPN howto](/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it.
|
||||
**DVM Template** | If you want to use this VM as a [DVM Template](/doc/glossary/#dvm-template) | Install `perl-Encode`
|
||||
**DisposableVM Template** | If you want to use this VM as a [DisposableVM Template](/doc/glossary/#disposablevm-template) | Install `perl-Encode`
|
||||
|
||||
### Package table for Qubes 4.0
|
||||
|
||||
|
||||
@ -68,7 +68,7 @@ TemplateVMs are intended for installing and updating software applications, but
|
||||
* Colloquially, TemplateVMs are often referred to as "templates."
|
||||
* Since every TemplateVM supplies its *own* root filesystem to at least one other VM, no TemplateVM can be based on another TemplateVM.
|
||||
In other words, no TemplateVM is a [TemplateBasedVM](#templatebasedvm).
|
||||
* Since every TemplateVM supplies its *root* filesystem to at least one other VM, no [DVM Template](#dvm-template) is a TemplateVM.
|
||||
* Since every TemplateVM supplies its *root* filesystem to at least one other VM, no [DisposableVM Template](#disposablevm-template) is a TemplateVM.
|
||||
|
||||
TemplateBasedVM
|
||||
---------------
|
||||
@ -113,7 +113,7 @@ A FirewallVM called `sys-firewall` is created by default in most Qubes installat
|
||||
|
||||
DisposableVM
|
||||
------------
|
||||
[Disposable Virtual Machine]. A temporary [AppVM](#appvm) based on a [DVM Template](#dvm-template) that can quickly be created, used, and destroyed.
|
||||
[Disposable Virtual Machine]. A temporary [AppVM](#appvm) based on a [DisposableVM Template](#disposablevm-template) that can quickly be created, used, and destroyed.
|
||||
|
||||
DispVM
|
||||
------
|
||||
@ -121,22 +121,23 @@ An older term for [DisposableVM](#disposablevm).
|
||||
|
||||
DVM
|
||||
---
|
||||
An abbreviation of [DisposableVM](#disposablevm), typically used to refer to [DVM Templates](#dvm-template).
|
||||
An abbreviation of [DisposableVM](#disposablevm), typically used to refer to [DisposableVM Templates](#disposablevm-template).
|
||||
|
||||
DVM Template
|
||||
------------
|
||||
DisposableVM Template
|
||||
---------------------
|
||||
(Formerly known as a "DVM Template".)
|
||||
A type of [TemplateBasedVM](#templatebasedvm) on which [DisposableVMs](#disposablevm) are based.
|
||||
By default, a DVM Template named `fedora-XX-dvm` is created on most Qubes installations (where `XX` is the Fedora version of the default TemplateVM).
|
||||
DVM Templates are not [TemplateVMs](#templatevm), since (being TemplateBasedVMs) they do not have root filesystems of their own to provide to other VMs.
|
||||
Rather, DVM Templates are complementary to TemplateVMs insofar as DVM Templates provide their own user filesystems to the DisposableVMs based on them.
|
||||
There are two main kinds of DVM Templates:
|
||||
By default, a DisposableVM Template named `fedora-XX-dvm` is created on most Qubes installations (where `XX` is the Fedora version of the default TemplateVM).
|
||||
DisposableVM Templates are not [TemplateVMs](#templatevm), since (being TemplateBasedVMs) they do not have root filesystems of their own to provide to other VMs.
|
||||
Rather, DisposableVM Templates are complementary to TemplateVMs insofar as DisposableVM Templates provide their own user filesystems to the DisposableVMs based on them.
|
||||
There are two main kinds of DisposableVM Templates:
|
||||
|
||||
* **Dedicated** DVM Templates are intended neither for installing nor running software.
|
||||
Rather, they are intended for *customizing* or *configuring* software that has already been installed on the TemplateVM on which the DVM Template is based (see [DisposableVM Customization]).
|
||||
This software is then intended to be run (in its customized state) in DisposableVMs that are based on the DVM Template.
|
||||
* **Non-dedicated** DVM Templates are typically [AppVMs](#appvm) on which DisposableVMs are based.
|
||||
* **Dedicated** DisposableVM Templates are intended neither for installing nor running software.
|
||||
Rather, they are intended for *customizing* or *configuring* software that has already been installed on the TemplateVM on which the DisposableVM Template is based (see [DisposableVM Customization]).
|
||||
This software is then intended to be run (in its customized state) in DisposableVMs that are based on the DisposableVM Template.
|
||||
* **Non-dedicated** DisposableVM Templates are typically [AppVMs](#appvm) on which DisposableVMs are based.
|
||||
For example, an AppVM could be used to generate and store trusted data.
|
||||
Then, a DisposableVM could be created based on the AppVM (thereby making the AppVM a DVM Template) so that the data can be analyzed by an untrusted program without jeopardizing the integrity of the original data.
|
||||
Then, a DisposableVM could be created based on the AppVM (thereby making the AppVM a DisposableVM Template) so that the data can be analyzed by an untrusted program without jeopardizing the integrity of the original data.
|
||||
|
||||
PV
|
||||
--
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user